google Google lose appeal and are going to get sued over privacy concernsGoogle have lost their Court of Appeal bid to prevent British consumers having the right to sue them in the UK.

Pardon? Well, a group called Safari Users Against Google’s Secret Tracking (which has the frankly rubbish aconym of SUAGST) want to sue the internet behemoth in the English courts over what they claim are Google bypassing security settings to track them online.

Three appeal judges have dismissed Google’s appeal against a High Court ruling and ruled that claims for damages can be brought over the allegations of Google’s misuse of private information.

The Safari Users say that Google’s “clandestine” tracking and collation of internet usage (between the summer of 2011 and early 2012) led to distress and embarrassment among UK users. You might not remember that, because as a BW reader, you’re in a constant state of embarrassment and distress, so all the years roll into one.

Anyway, the group say that Google collected private info through cookies, without their information.

Dan Tench, a partner at law firm Olswang, who are representing the group, said this case decides “whether British consumers actually have any right to hold Google to account in this country”. Tench added: ”This is the appropriate forum for this case – here in England where the consumers used the internet and where they have a right to privacy.”

Lord Dyson, Master of the Rolls, and Lady Justice Sharp said in their joint judgement, with which Lord Justice McFarlane agreed: “On the face of it, these claims raise serious issues which merit a trial. They concern what is alleged to have been the secret and blanket tracking and collation of information, often of an extremely private nature… about and associated with with the claimants’ internet use, and the subsequent use of that information for about nine months.”

“The case relates to the anxiety and distress this intrusion upon autonomy has caused.”

twitch 300x300 Twitch hacked: credit card details stolen along with other informationTwitch, bought by Amazon last year which allows people to make money from streaming themselves playing video games, has been hacked.

Everyone is looking at Lizard Squad, who hacked Xbox as well as Lenovo. They’ve got previous with Twitch as well, when they carried out a DDoS attack, which was only resolved when (get this) four Twitter users gave in to the Squad’s demands to post selfies with “Lizard Squad” daubed on their foreheads.

However, this latest hack doesn’t look like the handiwork of Lizard Squad because, mainly, they crow about their actions very readily and they’re not really about stealing personal information, which is what’s happened here.

It appears that login details, passwords and some credit card information has been stolen in this particular hack. Twitch themselves have confirmed the hack, saying that all users will be forced to reset their passwords. They said: “For your protection, we have expired passwords and stream keys and have disconnected accounts from Twitter and YouTube. As a result, you will be prompted to create a new password the next time you attempt to log into your Twitch account.”

There’s no word on just how many people have been affected by this, but seeing as Twitch has over 45 million monthly viewers and in advance of 1 million people streaming videos, it is likely that this’ll be a large number of people who have had their security breached.

Twitch say that they’ve warned users and told them that the information that may have been swiped includes usernames, email addresses, the IP addresses from where people last logged in, credit card types, truncated card numbers and expiration dates, first and last names, phone numbers, home addresses, and dates of birth.

If you’re a Twitch user, it’d be worth changing the password for any sites you use that has a similar password to the one you use with this lot.

Google tracking your every move

March 19th, 2015 7 Comments By Mof Gimmers

A lot of people don’t like the power Google have online, and this won’t help the internet giant any further.

If you have an Android phone and a Google account, then you might have been tracked without you knowing. Now, this’ll be old news to some, but it seems like there’s a good number of people out there who still have no idea.

Not to worry though – you can stop being tracked really easily

First off, watch this short video which tells you about how you’re being tracked and how you can see where you’ve been – provided you had your phone in your pocket – via a section on Google Maps.

As you can see, you can go back in time and see where you’ve been on a Google Map, which may well give you the willies, but it is easy enough to fix.

First off, you should switch your location services off on your mobile. You’ll find that in your settings. Some apps ask you to turn your location on, but you don’t have to. Twitter doesn’t need to know where you are and if you’re using something like Tinder which requires your location to show you who wants to hump nearby, then only switch your location on when it is needed.

As the video shows, it is really easy to delete your location history, and you can find out more on that, here.

Twitter bans revenge porn and the like

March 12th, 2015 No Comments By Mof Gimmers

Twitter Logo1 Twitter bans revenge porn and the likeTwitter is banning revenge porn and has vowed to ban people who who post intimate images of people without their consent. Intimate, in this case, means ‘nudes’, rather than someone having a cuddle.

As well as that, Twitter is going after those who like a bit of doxxing. If you’re unfamiliar with the term, that’s when people publish the name and address of people just to get at them.

In Twitter’s brand new rules, they say: ”You may not post intimate photos or videos that were taken or distributed without the subject’s consent. You may not publish or post other people’s private and confidential information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission.”

So, anyone caught doling out dodgily obtained nudes or indulging in some doxxery, they’ll be investigated and banned. Presumably, those people will then set up a new Twitter account and carry on as normal. It’s not like it is difficult to set up a sock-puppet account is it?

That said, Twitter could start handing over details to the police and, in Britain at least, anyone who is found guilty of distributing sexual images of a person without their consent could end up going to prison for two years.

These new laws define revenge porn as photos or films which show people “engaged in sexual activity or depicted in a sexual way or with their genitals exposed, where what is shown would not usually be seen in public”.

the internet 232x300 PMs plans to ban encryption arent a good idea

The internet, yesterday

A plan by David Cameron to block and ban encryption has been found to be a rubbish idea, according to a study by the UK parliament.

This report, carried out by the Parliamentary Office of Science and Technology, had a look at how the darknet (or Tor if you prefer) and online anonymity is being used. There’s little public support for it and the Darknet and Online Anonymity report (.pdf link here) noted that it is used by criminals, but it is also used by journalists and whistleblowers and journalists, so if you’re going to look at the ills, you have to weigh-up the pros too.

“There is widespread agreement that banning online anonymity systems altogether is not seen as an acceptable policy option in the UK. Even if it were, there would be technical challenges,” it said.

One thing the report pointed out, was that one place doing this was China, and their governments attempts to squash communications is not something that would be good for the UK.

The report continued, for those who understand the jargon: ”Some argue for a Tor without hidden services because of the criminal content on some THS. However, THS also benefit non-criminal Tor users because they may add a further layer of security.”

“If a user accesses a THS the communication never leaves the Tor network and the communication is encrypted from origin to destination. Therefore, sites requiring strong security, like whistleblowing platforms, are offered as THS. Also, computer experts argue that any legislative attempt to preclude THS from being available in the UK over Tor would be technologically unfeasible.”

Whether or not David Cameron listens to this report is quite another matter.

Bitterwallet Facebook censorship Facebook are looking at your account, without askingFacebook aren’t too clever when it comes to respecting your privacy. You knew that. 3 hour old babies could even tell you that Facebook aren’t to be trusted when it comes to things like that.

And so, to one Facebook user who paid a visit to the social network’s offices in Los Angeles, who saw something that gave him the willies, and will prompt some of you to pop your tinfoil hats on and start shouting “TOLD YOU SO!”

Making, ironically, a post on Facebook itself, Paavo Siljamäki noted that a Facebook engineer logged straight into his account, but without using a password.

He said: “Popped to Facebook offices in LA, the nice people there were giving us good advice on how to use Facebook better. I was then asked if i’m ok for them to look at my profile, i said ‘sure’. A Facebook engineer can then log in directly as me on Facebook seeing all my private content without asking me for the password.”

“Just made me wonder how many of Facebook’s staff have this kind of ‘master’ access to anyone’s account? What are the rules on who and when they can access our private content and how would we know if someone did? (My facebook did not notify me that someone else accessed my private profile).”

Over at NakedSecurity (not as fun as it sounds), they asked FB about this, and got this reply: “We have rigorous administrative, physical, and technical controls in place to restrict employee access to user data. Our controls have been evaluated by independent third parties and confirmed multiple times by the Irish Data Protection Commissioner’s Office as part of their audit of our practices.”

“Access is tiered and limited by job function, and designated employees may only access the amount of information that’s necessary to carry out their job responsibilities, such as responding to bug reports or account support inquiries. Two separate systems are in place to detect suspicious patterns of behaviour, and these systems produce reports once per week which are reviewed by two independent security teams.”

“We have a zero tolerance approach to abuse, and improper behavior results in termination.”

So there you have it. Some will argue that this is Facebook accessing the innards of your profile like a bank accessing your current account or whatever, while others will see this as a flagrant abuse of power by a company who already has a chequered history.

Should we be asking more questions regarding matters like this, or do we just accept that, posting things online is our deal with the devil and that nothing is private?

Apple and Android vulnerable to Freak Attack!

March 4th, 2015 No Comments By Mof Gimmers

apple android Apple and Android vulnerable to Freak Attack!Another day, another attack on people using gadgets to get on the internet. This time, something called Freak Attack (which sounds like an ace ’80s horror b-movie) is causing a headache for users of Android and Apple devices.

The good news is that there are no reports of this weakness being exploited (yet) and that the relevant companies are working quickly to shore up the flaw… but where has all this come from? Well, researchers reckon that the problem comes from code that came about from old government policies which required software developers to use weaker security in encryption programmes, thanks to that old chestnut of ‘international security concerns’.

The flaw is to do with web encryption technology, which could potentially enable bad people to spy on what you’re doing if you use Safari or Google’s Android browser.

Around a third of all encrypted sites were vulnerable as of yesterday, as sites continued to accept this weaker software, which affects Apple’s browsers, the Android browser, but not Google Chrome browser or the latest versions from Firefox or Microsoft.

Apple and Google have both said that they’ve fixed the Freak Attack flaw, with Apple rolling theirs out next week and Google saying that they’ve sent out the goods to device makers and wireless carriers.

Obviously, this highlights the problems with governments interfering with encryption codes, even when dealing with national security. This old policy has come back to bite it on the arse, as it could well do the opposite of what it was intended to do, and actually give a helping hand to criminals.

Until a rollout occurs, you’d be wise to use Chrome, Firefox or Microsoft’s browser or, indeed, ride your luck until the new security measures are in place, if you’re feeling saucy.

Nuisance calls and texts to be met with massive fines

February 25th, 2015 1 Comment By Mof Gimmers

telesales telephone Nuisance calls and texts to be met with massive finesThose irritating gits who run companies that mither everyone with nuisance calls and texts are looking at some new regulations that will slap them with huge fines. We’re talking penalties of (up to, of course) £500,000.

The current laws don’t do much to discourage these spam merchants, but that’s apparently going to change, as new rules will make it much easier to penalise them.

They come into play from April 6th and they mean that the Information Commissioner’s Office (ICO) won’t have to prove that unwanted messages are causing a “substantial damage or substantial distress” any more.

In addition to that, the Government are also looking at bringing in new rules which will see that executives on the board of these businesses will also be held responsible for these calls and messages.

“For far too long companies have bombarded people with unwanted marketing calls and texts, and escaped punishment because they did not cause enough harm,” said digital economy minister Ed Vaizey. “This change will make it easier for the Information Commissioner’s Office to take action against offenders and send a clear message to others that harassing consumers with nuisance calls or texts is just not on.”

We all know how slippery these cold-callers are, so it would be wise to avoid holding your breath until we actually see someone getting a massive fine. Still, this is, initially, very good news for everyone.

Parking ticket data breach for tens of thousands

February 24th, 2015 1 Comment By Mof Gimmers

eating in the car Parking ticket data breach for tens of thousandsA database full of around 10,000 people’s parking ticket details isn’t as secure as previously thought as somehow, it has ended up being published online.

According to Sky News, the company called PaymyPCN.net, which has collected penalty charges for two decades has a direct link to the Driver and Vehicle Licensing Agency (DVLA) database, which means people who shouldn’t be looking, can see drivers’ names and addresses.

Not only that, there’s public access to the content of emails that are appealing charges and photos of drivers and the cars. In addition to all that, this database allows the aforementioned photos to be uploaded and deleted, which is just magic.

How did this all come about? Well, a link to all that lovely data was published on Twitter by Michael Green after a private parking firm sent it to someone in error.

Green said: “I am not surprised by this. The DVLA claims to have safeguards in place to ensure drivers’ details are safe but these only exist as media soundbites. Our campaign challengethefine.com aims to get people compensated for parking data breaches. Despite the RAC Foundation questioning the legality of these charges the DVLA still passes millions of details on to private firms.”

database 1 1 480x360 Parking ticket data breach for tens of thousands

Of course, this is the DVLA that have come under heavy fire for their collective failure to vet and audit the companies in which they are prepared to sell the names and addresses of motorists, so this latest news isn’t a shock at all. This is also the same DVLA who have been acting unlawfully when it comes to losing your letters that you’ve sent them (and here’s what you can do if the DVLA say they’ve lost your letter).

A DVLA spokeswoman said: “This is not a DVLA error. We take our duty to safeguard data very seriously and we will not compromise data security. DVLA does not hold or provide data such as photographs, emails and phone numbers to private parking companies.”

As for PayMyPCN – if you want to get in touch with them to see about data breaches, here’s the number to call and their email: Tel: 03450 737 209, enquiry@paymypcn.net.

UK & US intelligence illegally hack SIM cards

February 20th, 2015 No Comments By Mof Gimmers

sim cards petr kratochvil pd 300x168 UK & US intelligence illegally hack SIM cardsAmerican and British intelligence agencies have been up to no good. They’ve been hacking, illegally, into SIM cards to steal codes so they can try to listen in on people’s calls, according to reports.

This, like all scary spy and surveillance news, has trickled out from the infamous former American intelligence contractor, Edward Snowden.

Spies hacked the SIMs of a company called Gemalto who, as you can imagine, are pretty furious about all this as they operate in 85 different countries and they’d rather not be thought of as complicit in all of this.

The Intercept are calling this “the great Sim heist” and that surveillance agencies were given “the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data”. Some of the mobile networks that are clients of Gemalto include T-Mobile, AT&T, Verizon and “some 450 wireless network providers around the world”.

The source also claims that this hack was organised by Britain’s GCHQ and America’s NSA and that, the hack resulted in the ability to unscramble calls, texts and emails from the decode data that is flung through the air between phones and cell towers. It has also been claimed that Gemalto employees were cyber-stalked and their emails were tapped into so agencies could steal encryption keys.

A Gemalto spokeswoman said: “We take this publication very seriously and will devote all resources necessary to fully investigate and understand the scope of such highly sophisticated techniques to try to obtain Sim card data.”

Lenovo ThinkPad driver 300x300 300x300 Have Lenovo been installing bank intercepting software on laptops?Lenovo have been accused of something pretty grim, and if true, they’ll have some tough questions to answer. Users on the Lenovo forum have been talking about a bit of adware which goes by the name of ‘Superfish’. It seems that this adware has been hijacking browsers to place third-party adverts on Google searches and websites without the permission of the users.

That’s pretty bad, but the accusations get worse.

This apparently happens by utilising self-signed certificates to trick browsers into showing them on your computer and one person has claimed that the program intercepted a connection to their bank, which means that Superfish could well be collecting data without authorisation.

A number of posts prompted Lenovo employee Mark Hopkins to try and set the record straight. He said that Lenovo has removed Superfish from laptops and that the company have requested that the developer publishes a patch to plug the security gap. He said: ”Due to some issues (browser pop up behaviour for example), with the Superfish Visual Discovery browser add-on, we have temporarily removed Superfish from our consumer systems until such time as Superfish is able to provide a software build that addresses these issues.

“As for units already in market, we have requested that Superfish auto-update a fix that addresses these issues.”

Lenovo have stopped preloading Superfish into new consumer laptops as of January 2015, and they’re investigating what is happening with the systems that are already out there.

HOW TO REMOVE SUPERFISH FROM YOUR COMPUTER

First, hit Start/Windows and open Control Panel. Hit ‘Select Uninstall a program’ or ‘Add or Remove Programs’ and then select ‘WindowsShopper’ and press ‘Remove’ or right-click to select ‘Uninstall’.

There are associated programs that come with Superfish, such as Yontoo – remove that in the same manner as above.

If you’re using Windows 8, select ‘Control Panel’ from the Charm bar settings and click ‘Uninstall a program’ and remove the unwanted application from there.

To remove it from your browser, do as follows.

Google Chrome: Hit the 3-bar icon, top right of the window. Select ‘Tools’ then ‘Extensions’ before selecting the ‘Superfish WindowShopper’ extension and click the bin icon to get rid of it.

If you’re on Internet Explorer, in the browser, go to ‘Tools’, ‘Manage Add-ons’, ‘Enable or Disable Add-ons’ and disable the unwanted app. With Firefox, again, go to ‘Tools’, then ‘Add-ons’ and the ‘Extensions’ and select ‘Windows Shopper’ and remove it.

Any other troubles, employ a Spyware removal tool to get rid of it.

Bitterwallet Facebook censorship Facebook hack says you might want to back up your cherished photosIf you have a Facebook account, chances are, you’ve got a load of important photos on there. Your graduation day might be on there. That night out you had with pals you haven’t seen for a decade. That time your mate shot themselves through the foot when you went clay pigeon shooting. Cherish memories.

Well, you might want to back those photos up because a security researcher has just discovered that he can delete all your Facebook memories with four lines of code.

Someone called Laxman Muthiyah was mucking around with Facebook’s Graph API. On their blog, after musing about whether or not they could delete other people’s photos, they wrote: “I decided to try it with Facebook for mobile access token because we can see delete option for all photo albums in Facebook mobile application isn’t it? Yeah and also it uses the same Graph API. so took a album id & Facebook for android access token of mine and tried it.”

Of course, a good chunk of that is impenetrable techspeak to most people, but basically, what this means that, Facebook access tokens is the line of characters that allows an app to gain access to your profile. Laxman used such a token for the Android app and a random photo album ID and, lo and behold, it transpired you could get in and start mucking around with people’s stuff.

For those who like to get under the hood of things, click here to see Laxman’s workings-out. Or, if you prefer, you can watch a video of it instead of reading all that pesky text.

Now, Laxman has reported this to Facebook and they promptly fixed the bug. However, that’s not to say that they’re aren’t other flaws in the security of social networks.

So, with that, it is advised that you back your photos up if you don’t want them vanishing off the internet. There’s a number of cloud services like Google Drive and the iCloud to store your photos, but as we know, they’re not guaranteeing your stuff is locked-down either, what with the recent Fappening occurrence.

The best bet, if you have a load of photos, is to store them on your hard-drive or buy an external drive to keep them in. A bit of a faff, sure, but if you’re determined to keep hold of those photos from when you ran through a field covered in brightly coloured powder for charity, then you’ll need to do something about it.

Samsung TV puts ads in videos you own

February 11th, 2015 No Comments By Mof Gimmers

Samsung Samsung TV puts ads in videos you ownAdverts on TV and online videos are nothing new, but how would you feel about a television that puts advertisements into videos you own? You’d be weirded out at the least and furious at the most.

Well, after the Big Brother TV Sets debacle with Samsung, we now hear of one of their smart TVs inserting commercials into a video that were stored locally on a Plex media server. The Reddit user in question complained that a Pepsi ad played while they were watching shows and movies on his Samsung television.

Of course, this could well be a look into the future as advertisers try and get their wares into as many platforms as possible. However, in this case, it looks like it was an error Samsung’s part, with a bit of faulty programming.

It seems a few people have had this problem and it isn’t happening on sets made by anyone else. A recent software update seems to be the cause of this particular irritant.

The way to stop this happening, if you’re the owner of a Samsung TV set, is to click “disagree with the Yahoo Privacy Notice” in the options in your Samsung’s Smart Hub options.

However, this does appear to be something Samsung are interested in, as in 2014, the company said that they were looking at “interactive experiences” which will be offered to people on an ‘opt-in’ basis.

Both issues are have a similarity though – it appears that Samsung are treating your data with a reasonable amount of recklessness and, if they don’t get these problems sorted, they might find that customers are going to lose all confidence in them.

Apple to update your iPhone to make it speedier!

February 10th, 2015 1 Comment By Mof Gimmers

iphone 6 Apple to update your iPhone to make it speedier!Does you iPhone run slower than an ageing colonel? Is your Apple device about as nifty as a double decker filled with concrete passengers? Well, there’s some good news for you!

Apple are planning a new, free software update which will make your iPad and iPhone run much more quickly. That’s nice of them isn’t it? Unless they mess it up of course.

This brand new iOS 9 update is apparently going to try and iron out all the bugs and lag from your device and generally speed the performance up. While previous iOS updates have been all about that interface, tidying up design and fiddling with the functions, the new one has set its sights almost wholly on performance and speed.

Rumour has it that this new update will come in June and of course, like all other iOS updates, it’ll be free for all compatible devices.

So there you go. If you’ve been whining about your iThing, all your problems might be solved when the summer comes.

Samsung try to calm you over voice-stealing TVs

February 10th, 2015 No Comments By Mof Gimmers

samsung logo Samsung try to calm you over voice stealing TVsEveryone was shrieking in horror yesterday when it turned out that Samsung’s new TVs were voice-activated and it would listen to your voice and store it in some evil word-server at Samsung HQ.

Today, Samsung are trying to calm everyone down and downplay the idea that they’re Big Brother, putting eavesdropping televisions in your house and listening to you while you do dirty phone calls or shout obscenities while playing video games online.

As a reminder, the policy said: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to the third party.”

Naturally, Samsung aren’t the only people doing this. Most voice activated stuff is problematic when it comes to personal privacy. In fact, back in 2013, LG had a similar problem with their smart TVs, regarding the data they gathered while people were watching telly.

In a statement, Samsung said with the utmost gravity, that they take privacy issues “very seriously” and have put in place a number of safeguards to stop unauthorised use of your data.

The statement pointed out that the voice recognition feature on their smart TVs was an option and could simply be switched off and that: “Should consumers enable the voice recognition capability, the voice data consists of TV commands, or search sentences, only.”

Feel better now? While you might be able to forgive them for these snooping television sets, no-one should ever forget the time they did that awful, awful rap song.